Added reporting of environment info (MySQL version, PHP version and Operating System) – this will allow us to get a better understanding of the systems we are supporting.

Added option to optimize search index in the UI.

Changed the way Lucene stores data to speed up indexing and searching (requires a re-index).

Typing issue number in search box will bring you straight to the issue.

Detecting MIME type for new attachments automatically.

Not truncating issue subject in issue lists.

Languages:

Added Czech translation.

Updated all language files with the latest translations (thanks to the hard work of some of our customers!)

Lucene

We have changed the way we index issue data in Bugify. These changes have dramatically improved performance of searching and indexing, especially if you have a large number of issues. In order to take full advantage of the changes, we recommend you re-index all your issues. To do this, go to Settings – General Settings, click on the Lucene Details link, and click the “Re-Index Issues” button.

Remember – if you’re working on language files, or have any custom code – make sure to take a backup before updating! Backing up before updating is always a good idea.

Thanks to the hard work of Carlos Silva Villamizar and John Gamarra Gonzalez from High Developer S.A.S., we now have a Spanish translation of Bugify! We have had a number of requests for a Spanish translation lately so we are very thankful for their help.

All the Bugify translations so far have been done by helpful customers. We are so grateful for the hard work you do to provide translations for Bugify. Below are all the languages we currently support:

English

German

Spanish

French

Latvian

Dutch

Polish

Portuguese

Russian

Chinese

If you would like to see another language listed here, and are willing to help translate, please get in touch.

Some of these translations are a little out-of-date as new updates are released and we haven’t sent out requests for new strings to be translated. If you notice some English sentences showing when you should be seeing your language, please feel free to update the language file (application/languages) and send the updated file back to us. We are aiming to set up a better system for keeping track of translations, but in the meantime if you’re able to help out at all by filling in the missing translations where possible it would be very much appreciated.

Thanks again to all our wonderful customers!

P.S., the Spanish translation will be available in the next release due out very shortly.

A week ago we released v1.6.1052 which included a number of security fixes. The issues were reported to us by a security researcher on Saturday 7th June, 2014 (NZT). Within 24 hours, we had reviewed the reports and implemented fixes. The following 24 hours involved testing the updates, which was followed by a public release on Monday 9th June, 2014 (NZT). We then gave everyone a couple of days to update before detailing the security-related changes here.

The issues affected the Bugify web app – not bugify.com or any other apps/services.

Brute-force attacks on login
There were no measures in place to rate-limit or block brute-force attacks. We have implemented a temporary change to pause for 2 seconds on a failed auth. This will slow down brute-force attacks, but will not stop them (truth is, there aren’t really any solutions to prevent or stop brute-force attacks, but there is more we can – and will – do to mitigate them).
More info: https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks

XSS (Cross site scripting)
There was one area that allowed XSS with label (tags) names. All data is automatically escaped when it is sent to the view, but this data was being loaded from a view helper and did not go through the auto-escaping. This has now been fixed.
More info: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
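
The view-helper gap described above, as an added PHP sketch that is not Bugify's code: the View class, loadLabelNames() and labelList() are hypothetical names, and the label data is constructed. It shows why auto-escaping on assignment does not cover a helper that loads its own data, and the fix of escaping inside the helper.

```php
<?php
declare(strict_types=1);

// Hypothetical minimal view: values handed over by a controller are
// escaped once, at assignment time ("auto-escaping").
final class View
{
    private array $vars = [];

    public function assign(string $name, string $value): void
    {
        $this->vars[$name] = self::escape($value);
    }

    public function get(string $name): string
    {
        return $this->vars[$name] ?? '';
    }

    public static function escape(string $value): string
    {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample data standing in for label names read from storage.
function loadLabelNames(): array
{
    return ['backend', '<script>alert(1)</script>'];
}

// View helper that fetches labels itself, so nothing passes through assign().
// $escape = false reproduces the gap; $escape = true is the corrected form,
// escaping each value at the point where the helper builds HTML.
function labelList(bool $escape): string
{
    $html = '';
    foreach (loadLabelNames() as $name) {
        $text = $escape ? View::escape($name) : $name;
        $html .= '<span class="label">' . $text . '</span>';
    }
    return $html;
}

$view = new View();
$view->assign('subject', '<b>Crash on save</b>');
echo $view->get('subject'), "\n";  // escaped by the view
echo labelList(false), "\n";       // markup in the label name reaches the page
echo labelList(true), "\n";        // label name rendered as text
```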